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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
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Art Unit: 2137 

DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on July 31 , 
2007 has been entered. 

Claims 1-25 remain withdrawn. 

Claims 26, 36, 48, and 50 are amended. 

Claims 26-50 are pending and herein considered. 



Response to Arguments 

Applicant's arguments filed July 31, 2007 have been fully considered but they are 
moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 26-50 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
United States Patent No. 5,070,528 to Hawe at al. and further in view of US Patent No. 
6,973,568 B2 to Hagerman. 

As per claim 26, Hawe teaches a method for processing frames in a fibre 
channel network having a first network entity and a second network entity, the method 
comprising: 

receiving a frame at a first network entity from the second network entity in a fibre 
channel network (col. 8 lines 24-51); 

identifying a security control indicator in the frame from the second network 
entity, wherein the security control indicator is used to determine if the frame is 
encrypted (col.6 lines 36-54); 

decrypting the first portion of the frame (col. 16 lines 1-14). 

Hawe fails to teach determining that a security association identifier associated 
with the frame corresponds to an entry in a security database and decrypting the first 
portion of the frame by using algorithm information contained in the entry in the security 
database. Hawe also fails to provide for authentication of any type. 

Hagerman teaches a secure fibre channel communication network utilizing 
security association identifiers associated with frames which correspond to an entry in a 
security database (col. 3 lines 43-47; col.7 lines 1 1-34) and decrypting the first portion of 
the frame by using algorithm information contained in the entry in the security database 
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(col.7 lines 1 1-34). Hagerman goes on to teach the use of authentication within his 
system to provide for additional security (Abstract, col. 3 lines 23-42). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to include within Hawe the authentication, security database, and 
decryption utilizing the security database as described in Hagerman to provide 
increased levels of security and overall scalability. 

As per claim 27, the combined method of Hawe and Hagerman teaches wherein 
the entry in the security database was created after a fibre channel network 
authentication sequence between the first and second network entities (Hagerman col.7 
lines 1-10). 

As per claim 28, the combined method of Hawe and Hagerman teaches wherein 
the first portion is decrypted using a key contained in the entry in the security database 
(Hagerman col. 3 lines 43-53). 

As per claim 29, the combined method of Hawe and Hagerman teaches wherein 
the first portion is encrypted using DES, 3DES or AES (Hagerman col.7 lines 1-10). 

As per claim 30, the combined method of Hawe and Hagerman teaches 
recognizing that a second portion of the frame supports authentication; using algorithm 
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information contained in the entry in the security database to authenticate the second 
portion of the frame (Hagerman col. 5 lines 15-41). 

As per claim 31, the combined method of Hawe and Hagerman teaches wherein 
the second portion is authenticated using MD5 or SHA1 (Hagerman col. 3 lines 34-42; 
col.7 lines 35-44). 

As per claim 32, the combined method of Hawe and Hagerman teaches wherein 
the authentication sequence is a fibre channel login sequence between the first and 
second network entities (Hagerman col. 3 lines 34-47). 

As per claim 33, the combined method of Hawe and Hagerman teaches wherein 
the login sequence is a PLOGI or FLOGI sequence (Hagerman col. 6 lines 6-13). 

As per claim 34, the combined method of Hawe and Hagerman teaches wherein 
the first and second network entities are domain controllers and the authentication 
sequence is a FC-CT sequence (Hagerman col.1 lines 28-40). 

As per claim 35, the combined method of Hawe and Hagerman teaches wherein 
the first and second network entities are domain controllers and the authentication 
sequence is a SW-TL sequence (Hagerman col.6 lines 6-14). 



Application/Control Number: 10/034,367 Page 6 

Art Unit: 2137 

As per claim 36, Hawe teaches a method for transmitting encrypted frames in a 
fibre channel network having a first network entity and a second network entity, the 
method comprising: identifying a fibre channel frame having a source corresponding to 
the first network entity and a destination corresponding to the second network entity 
(col. 8 lines 24-51); providing a security control indicator in the fibre channel frame, 
wherein the security control indicator is use to determine if the frame is encrypted and 
authenticated (col. 6 lines 36-54); transmitting the fibre channel frame to the second 
network entity (col. 8 lines 24-51). 

Hawe fails to teach determining that a security association identifier associated 
with the frame corresponds to an entry in a security database and encrypting the first 
portion of the frame by using algorithm information contained in the entry in the security 
database. Hawe also fails to provide for authentication of any type. 

Hagerman teaches a secure fibre channel communication network utilizing 
security association identifiers associated with frames which correspond to an entry in a 
security database (col. 3 lines 43-47; col. 7 lines 1 1-34) and encrypting the first portion of 
the frame by using algorithm information contained in the entry in the security database 
(col. 7 lines 1 1-34). Hagerman goes on to teach the use of authentication within his 
system to provide for additional security (Abstract, col. 3 lines 23-42). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to include within Hawe the authentication, security database, and 
encryption utilizing the security database as described in Hagerman to provide 
increased levels of security and overall scalability. 
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As per claim 37, the combined method of Hawe and Hagerman teaches wherein 
the entry in the security database was created after a fibre channel network 
authentication sequence between the first and second network entities (Hagerman col. 7 
lines 1-10). 

As per claim 38, the combined method of Hawe and Hagerman teaches wherein 
the payload is encapsulated using the Authentication Header protocol or the 
Encapsulating Security Payload protocol (Hagerman col. 7 lines 1-10). 

As per claim 39, the combined method of Hawe and Hagerman teaches adding 
security information to the header of the fibre channel frame (Hagerman col. 3 lines 23- 
33). 

As per claim 40, the combined method of Hawe and Hagerman teaches wherein 
a first portion of the fibre channel frame is encrypted using DES, 3DES, or AES 
(Hagerman col.7 lines 1-10). 

As per claim 41, the combined method of Hawe and Hagerman teaches wherein 
parameters in the header are normalized prior to encrypting the first portion of the fibre 
channel frame (Hagerman col. 3 lines 48-53). 
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As per claim 42, the combined method of Hawe and Hagerman teaches wherein 
the payload is padded prior to encrypting the first portion of the fibre channel frame 
(Hagerman col. 5 lines 3-25). 

As per claim 43, Hagerman teaches computing authentication data using key 
and algorithm information as well as a second portion of the fibre channel frame 
(Hagerman col. 5 lines 15-25). 

As per claim 44, the combined method of Hawe and Hagerman teaches wherein 
authentication data is computed using MD5 or SHA1 (Hagerman col. 3 lines 34-42; col. 7 
lines 35-44). 

As per claim 45, the combined method of Hawe and Hagerman teaches wherein 
the authentication sequence is a fibre channel login sequence between the first and 
second network entities (Hagerman col. 3 lines 34-47). 

As per claim 46, the combined method of Hawe and Hagerman teaches wherein 
the login sequence is a PLOGI or FLOGI sequence (Hagerman col.6 lines 6-13). 

As per claim 47, the combined method of Hawe and Hagerman teaches wherein 
the first and second network entities are domain controllers and the authentication 
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sequence is a FC-CT sequence or an SW-ILS message (Hagerman col.1 lines 28-40; 
col.6 lines 6-14). 

Claim 48 corresponds to an apparatus employing the method described in claim 

36 and is rejected accordingly. 

Claim 49 corresponds to an apparatus employing the method described in claim 

37 and is rejected accordingly. 

As per claim 50, Hawe teaches an apparatus for receiving encrypted frames in a 
fibre channel network having a first network entity and a second network entity, the 
apparatus comprising: means for identifying that the frame has been encrypted and 
authenticated (col.6 lines 36-54); means to decrypt the eventually encrypted frame 
(col.16 lines 1-14); 

Hawe fails to teach means to lookup the security parameters in a security 
database that allows de-encapsulation of the frame and means to verify that the 
message has been sent by the sender, and that has not been tampered with during its 
transmission. 

Hagerman teaches a secure fibre channel communication network utilizing 
security association identifiers associated with frames which correspond to an entry in a 
security database (col. 3 lines 43-47; col. 7 lines 1 1-34) and decrypting the first portion of 
the frame by using algorithm information contained in the entry in the security database 
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(col.7 lines 1 1-34). Hagerman goes on to teach the use of authentication in order to 
verify that messages have been sent by the sender, and that they have not been 
tampered with during transmission (Abstract, col. 3 lines 23-42). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to include within Hawe the authentication, security database, and 
decryption utilizing the security database as described in Hagerman to provide 
increased levels of security and overall scalability. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tamara Teslovich whose telephone number is (571) 

272- 4241. The examiner can normally be reached on Mon-Fri 8-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

T. Teslovich 




CYNTHIA BRITT 
PRIMARY EXAMINER 
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